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What is claimed is: 

1 . A method for transmitting Internet Key Exchange (IKE) data packets 
across a network comprising the steps of: 

generating and transmitting an IKE packet over a network; 
determining whether a response to the IKE packet was received; 
fragmenting the IKE packet into a plurality of smaller packets when a response 
is not received, wherein each of the smaller packets includes a header formatted 
according to the IKE protocol; and 

transmitting each of the plurality of smaller packets over a network. 

2. The method of claim 1 wherein each header includes an identifier that 
may be used to associate the smaller packet with a corresponding IKE packet. 

3. A network node that communicates with other network nodes 
1 5 according to the Internet Key Exchange (IKE) protocol comprising: 

a User Datagram Protocol (UDP) stack that is capable of generating UDP data 
packets for transmission over a network; 

an IKE protocol stack that generates IKE data packets that are subsequently 
processed by the UDP protocol stack; and 
20 a fragmenter module that intercepts IKE data packets prior to being processed 

by to the UDP protocol stack and splits the IKE data packets into a plurality of 
smaller data packets that may be subsequently formatted by the UDP protocol stack. 
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4. A method for fragmenting a data packet comprising the steps of: 
generating an IKE data packet; 

intercepting the IKE data packet before it is passed to a subsequent network 
protocol stack; 

determining a maximum size for fragments of an IKE data packet; 
dividing the IKE data packet into at least two smaller packets; and 
prepending a header to each smaller packet, wherein each header for each 

smaller packet includes an identifier that associates the smaller packet with its 

corresponding IKE data packet. 

5. The method of claim 4 wherein the dividing step is performed such that 
the combined size of each smaller packet and prepended header will not exceed the 
maximum size. 

6. A method for receiving fragmented Internet Key Exchange (IKE) data 
packets comprising the steps of: 

receiving a plurality of fragments of an IKE data packet from a transmitting 
node, wherein each fragment includes an identifier that associates each fragment with 
an IKE data packet; and 

discarding all fragments that contain a first identifier if a predetermined 
number of fragments are received that contain a second identifier. 
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7. The method according to claim 6 wherein the step of discarding all 
fragments that contain a first identifier is performed when at least one fragment is 
received that contains a second identifier. 

8. The method according to claim 6 further comprising the steps of: 
determining whether all fragments that are associated with an IKE data packet 

have been received; and 

sending a no acknowledgment (NAK) message to the transmitting node when 
at least one fragment has not been received. 

9. The method according to claim 6 further comprising the step of 
determining the total size of all fragments that contain the same identifier and 
discarding said fragments when the total size exceeds a predetermined limit. 

10. The method according to claim 9 wherein the predetermined limit is 64 
kilobytes. 

11. A system for transmitting Internet Key Exchange (IKE) protocol data 
packets across a network comprising: 

means for generating an IKE packet; 
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means for detecting whether the IKE packet was successfully received at the 
intended receiver node; and 

means for fragmenting the IKE packets into smaller packets when the IKE 
packet was not successfully received at the receiver node, wherein each of the smaller 
5 packets includes information that permits a receiver node to identify the IKE packet 
associated with each smaller packet and the position of each smaller packet within the 
IKE packet. 

12. The system of claim 1 1 further comprising means for determining the 
10 capability of the receiver node for receiving fragmented packets. 



